webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
The Secret: Kubernetes Edition
September 09, 2019
So you think your K8s cluster is configured correctly?
Well … think again.
How do we know? Alcide just completed an analysis of Kubernetes multi-cluster vulnerabilities, and the results are not good. It turns out that in 89% of deployments, companies are not using Kubernetes' Secrets resources, with sensitive information wired in the open. Moreover, 75% of the deployments studied use workloads which mount high-vulnerability host file systems such as /proc and none of the deployments showed segmentation implementation using Kubernetes' network policies.
Secrets(link is external) are a crucial functionality in Kubernetes that everyone should be using, so it's disheartening to learn that so many aren't taking advantage of the security benefits Secrets provide, and leaving themselves unnecessarily vulnerable.
Why You Need to be Using Secrets
Kubernetes users and/or administrators sometimes include sensitive information, such as usernames, passwords, and SSH keys, in their pods. But when credentials that grant access to systems that are critical to business functions (databases, web hosting accounts, encrypted email, various applications, etc.) are inserted verbatim into pod specs or container images, there is a very real risk of security breaches if anyone manages to hack into your code.
Secrets are essentially API objects that encode sensitive data, then expose it to your pods in a controlled way. This enables encapsulating Secrets by specific containers, or sharing them. A Secret stores the information and cloaks it from the pod so that it is black-boxed; all the pod knows is that it has permission to use this Secret, but it can't see the information contained within (and neither can anyone who hacks into your code).
How Secrets Work in Kubernetes Deployments
There are two ways in which a Secret can be used with a pod: as files in a volume mounted on one or more of its containers, or as environment variables. Pods do not have access to each other's Secrets, which further facilitates encapsulating sensitive data across multiple pods. Secrets are stored in tmpfs — not written to disk — and they are only sent to nodes that need them. When the pod containing the Secret is deleted, the Secret is deleted too. SSL/TLS protects communication between users and the API server. Containers in pods must request a Secret volume in its volumeMounts in order for it to be visible in the container. This enables constructing security partitions at the pod level.
How to Make Sure You're Using Secrets
Hopefully you're going to use Secrets from now on. The best way to ensure you're using Secrets the right way is to use a monitoring tool that can not only assess if Secrets are being used, but can also detect where sensitive information is exposed or not secured and needs to be using Secrets. You should know what workloads are allowed to access and communicate with what data. If communication between apps deviates outside their prescribed lines, those deviations should be flagged for DevOps and security teams to investigate.
As new, data-intensive systems are spun up to keep pace with business needs, maintaining security should be a top concern for everyone. Gartner's(link is external) report on cloud security asserts that through 2022, 95% of security failures will be the result of unintentional errors on the customer's part.
In other words, if you're not using Secrets and your data gets compromised, you have no one to blame but yourself.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
